Be aware! A lax vendor security practice is making everything, from Android smartphones to smart TVs vulnerable to cyber attacks. All because many vendors are shipping Android devices with open port setups that leave a big array of products exposed to cyber attack.
The port, 5555, is at the heart of the Android feature named Android Debug Bridge (ADB).
This function allows developers to communicate with devices remotely in order to control it and execute commands, in order to get all the diagnostic and debugging data.
ADB may have a very real and genuine use for developers, but a poorly or unsecured ADB port also gives hackers a chance to launch dangerous cyber attacks.
Companies and individual people must take certain precautions against this growing phenomenon of cyber attacks; they should implement at least a cybersecurity solution, like an antivirus, to protect their systems. Necessary things like regularly updating operating systems and other firmware, using an antivirus for Windows, an antivirus for Mac, or an antivirus for Android, depending on which OS your device is using. Companies must also hire professional cybersecurity firms to do regular checkups to their internal network a couple of times per year. These checkups must always include a penetration test and various ethical hacking test.
Vendors should make sure the port and ADB are properly secured at shipping; meaning that by default, devices should not have ADB enabled. However, most companies are not doing this responsibility and properly.
This big cybersecurity flaw is not new, for example, the cybersecurity researchers discovered, back in February, that a worm, named ADB.Miner was exploiting the ADB interface to spread cryptocurrency mining malware and hijack victim devices for mining crypto coins.
Smart television sets and mobile devices were the most affected by the ADB.Miner worm, which is only 24 hours infected over 5,000 devices.
ADB port flaw affects everything from US tankers to DVRs in Hong Kong and smartphones in South Korea. This is a very big cybersecurity flaw as it allows literally anybody, without any password, to remotely access these devices as ‘root’ and then silently install malware software and execute malicious functions.
The researchers also found that while root access should not exist in non-development builds, a bypass it is still possible on some devices.
Unfortunately, threat hackers are well aware regarding this cybersecurity flaw; because of that thousands of unique IP addresses are scanning for the open port in any 24-hour window at present, with a massive surge in port 5555 scanning and “thanks to” Network Address Translation and dynamic IP reservations a huge number of devices are affected.
To make things even worse, the Internet of Things (IoT) search engine Shodan has added the capability to look for port 5555. Indexing is still in progress, but the number of exposed devices has already reached over 15,000. The majority of them are in Asia, including China and South Korea.
These are not problems with Android Debug Bridge itself but you should check to see if ADB has been enabled, and disable it immediately, if you are not using it, on both rooted and non-rooted Android devices.
Keep in mind that every device represents a network entry point or a valuable data bank that must be protected by at least cybersecurity solution like an antivirus. Depending on which OS your machine is running, install an antivirus for Windows, an antivirus for Mac, or an antivirus for Android for total protection. Companies must take an extra step and hire a professional cybersecurity firm that will run various cybersecurity tests on your company’s network to implement only the best possible cybersecurity solution. Always opt for a package that includes at least a penetration test and ethical hacking test. For companies that exist 100% online, we recommend the using of cyber-secured web hosting services.